Port Forwarding - Reverse SSH - Source IP
Solution 1:
Server-A = Private IP 192.168.1.1 with Public IP 1.2.3.4 (has direct internet access)
Server-B = 192.168.1.2 (no direct internet access)
Client-PC = Public IP 5.6.7.8 (router's ISP address)
You must get rid of SSH Tunneling in order to achieve your goal. When Client-PC attempts to connect to Server-A, it must be redirected to Server-B on TCP 22. From Server-B's perspective, SSH traffic is coming from 5.6.7.8.
On the host that is acting as a Linux gateway (Server-A in this case), do the following:
$ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
$ sudo iptables -t nat -A PREROUTING -p tcp -m tcp -d 1.2.3.4 --dport 22 -j DNAT --to-destination 192.168.1.2:22
$ sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
From Server-B, make sure it knows how to send return traffic back to 5.6.7.8. If not, then add a static route on Server-B:
$ sudo ip route add default via 192.168.1.1
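
An added check, not part of the original answer: the script below audits an `iptables-save` dump from Server-A for the three conditions this setup depends on: the DNAT rule exists, no source NAT toward the LAN replaces 5.6.7.8 with 192.168.1.1, and FORWARD admits the first packet when its policy is DROP. The dump is constructed, and the interface names eth0/eth1 and the function name `audit_dnat` are assumptions.

```sh
# Constructed `iptables-save` dump for Server-A. Interface names are
# assumptions: eth0 = WAN (1.2.3.4), eth1 = LAN (192.168.1.1).
SAMPLE_OK='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 1.2.3.4/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.2:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT'
# Variant: masquerading on the LAN side, so Server-B would see 192.168.1.1.
SAMPLE_SNAT=$(printf '%s\n' "$SAMPLE_OK" | sed 's/-o eth0 -j MASQ/-o eth1 -j MASQ/')
# Variant: DROP policy with only the ESTABLISHED,RELATED rule in FORWARD.
SAMPLE_NONEW=$(printf '%s\n' "$SAMPLE_OK" | sed '/--state NEW/d')

# audit_dnat DUMP TARGET_IP LAN_IF: prints findings, returns 1 if any.
# Simplified: ignores -i/-s matches, negation (!) and user-defined chains.
audit_dnat() {
  printf '%s\n' "$1" | awk -v target="$2" -v lan="$3" '
    /^:FORWARD / { policy = $2 }
    /^-A / {
      split("", o)                              # per-rule option table
      for (i = 3; i < NF; i++) o[$i] = $(i + 1)
      st = o["--state"] o["--ctstate"]
      if ($2 == "PREROUTING" && o["-j"] == "DNAT" &&
          o["--to-destination"] == (target ":22")) dnat = 1
      # Source NAT with no -o, or on the LAN interface, hides the client IP.
      if ($2 == "POSTROUTING" && o["-j"] ~ /^(MASQUERADE|SNAT)$/ &&
          (o["-o"] == "" || o["-o"] == lan)) { print "SNAT_TOWARD_LAN: " $0; bad++ }
      # Does any FORWARD rule admit the first (NEW) packet to TARGET:22?
      if ($2 == "FORWARD" && o["-j"] == "ACCEPT" &&
          (o["-d"] == "" || o["-d"] == (target "/32")) &&
          (o["-p"] == "" || o["-p"] == "tcp") &&
          (o["--dport"] == "" || o["--dport"] == "22") &&
          (st == "" || st ~ /(^|,)NEW(,|$)/)) fwd_new = 1
    }
    END {
      if (!dnat) { print "NO_DNAT: no PREROUTING DNAT to " target ":22"; bad++ }
      if (policy == "DROP" && !fwd_new) { print "NEW_DROPPED: FORWARD policy DROP, no rule accepts NEW to " target ":22"; bad++ }
      exit (bad > 0)
    }'
}

for s in "$SAMPLE_OK" "$SAMPLE_SNAT" "$SAMPLE_NONEW"; do
  audit_dnat "$s" 192.168.1.2 eth1 && echo "OK: Server-B sees the real client address" || echo "FAIL: see findings above"
done
```

On a live gateway, pass the output of `sudo iptables-save` as the first argument in place of the constructed dump.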